Simple Apex Controller with CRUD and FLS
This simple controller (without CRUD and FLS) ...
/**
 * "Before" version of the controller: returns up to 50 Accounts whose
 * Location__Latitude__s and Location__Longitude__s are both populated.
 *
 * No CRUD (object-level) or FLS (field-level) check is performed here.
 * `with sharing` only applies record-level sharing rules, so a user who
 * cannot read one of the selected fields still receives its value.
 */
public with sharing class AccountController {
    @AuraEnabled
    public static List<Account> findAll() {
        List<Account> located = [
            SELECT id, name, Location__Latitude__s, Location__Longitude__s
            FROM Account
            WHERE Location__Latitude__s != NULL
              AND Location__Longitude__s != NULL
            LIMIT 50
        ];
        return located;
    }
}
... should be rewritten like this (with CRUD and FLS):
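/**
 * Returns up to 50 Accounts whose Location__Latitude__s and
 * Location__Longitude__s are both populated, after verifying that the
 * running user may read the Account object (CRUD) and every selected
 * field (FLS).
 *
 * `with sharing` enforces record-level sharing only; it does not enforce
 * CRUD or FLS, which is why the explicit describe checks are needed.
 * On API versions that support it, `WITH SECURITY_ENFORCED` on the SOQL
 * query is an alternative to the manual field loop.
 *
 * @return matching Accounts with Id, Name, Location__Latitude__s and
 *         Location__Longitude__s populated; at most 50
 * @throws System.NoAccessException if the user lacks read access to the
 *         Account object or to any of the selected fields, or if one of
 *         the fields is absent from the org's describe (fails closed)
 */
public with sharing class AccountController {
    // Every field selected by the query below; each is FLS-checked before the query runs.
    private static final List<String> QUERIED_FIELDS = new List<String>{
        'Id',
        'Name',
        'Location__Latitude__s',
        'Location__Longitude__s'
    };

    @AuraEnabled
    public static List<Account> getAccounts() {
        // CRUD: object-level read permission on Account.
        if (!Schema.SObjectType.Account.isAccessible()) {
            throw new System.NoAccessException();
        }

        // FLS: field-level read permission for each selected field.
        Map<String, Schema.SObjectField> fieldMap = Schema.SObjectType.Account.fields.getMap();
        for (String fieldName : QUERIED_FIELDS) {
            Schema.SObjectField token = fieldMap.get(fieldName);
            // A field missing from the describe map (e.g. not deployed in this org)
            // would otherwise surface as a NullPointerException; deny instead.
            if (token == null || !token.getDescribe().isAccessible()) {
                throw new System.NoAccessException();
            }
        }

        return [
            SELECT Id, Name, Location__Latitude__s, Location__Longitude__s
            FROM Account
            WHERE Location__Latitude__s != NULL
              AND Location__Longitude__s != NULL
            LIMIT 50
        ];
    }
}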
+1 |
If the field is accessible, so is the object. |
Jeff, Should we also not check Schema.SObjectType.Account.isAccessible() either on line 28 or 39?